diff options
Diffstat (limited to 'deps/npm/man/man5')
-rw-r--r-- | deps/npm/man/man5/folders.5 | 2 | ||||
-rw-r--r-- | deps/npm/man/man5/install.5 | 2 | ||||
-rw-r--r-- | deps/npm/man/man5/npm-shrinkwrap-json.5 | 2 | ||||
-rw-r--r-- | deps/npm/man/man5/npmrc.5 | 2 | ||||
-rw-r--r-- | deps/npm/man/man5/package-json.5 | 2 | ||||
-rw-r--r-- | deps/npm/man/man5/package-lock-json.5 | 2 | ||||
-rw-r--r-- | deps/npm/man/man5/package-locks.5 | 200 | ||||
-rw-r--r-- | deps/npm/man/man5/shrinkwrap-json.5 | 32 |
8 files changed, 6 insertions, 238 deletions
diff --git a/deps/npm/man/man5/folders.5 b/deps/npm/man/man5/folders.5 index 89df00b19d4..698c975880f 100644 --- a/deps/npm/man/man5/folders.5 +++ b/deps/npm/man/man5/folders.5 @@ -1,4 +1,4 @@ -.TH "FOLDERS" "5" "February 2021" "" "" +.TH "FOLDERS" "5" "March 2021" "" "" .SH "NAME" \fBfolders\fR \- Folder Structures Used by npm .SS Description diff --git a/deps/npm/man/man5/install.5 b/deps/npm/man/man5/install.5 index 106ca58a2fe..45e686155c6 100644 --- a/deps/npm/man/man5/install.5 +++ b/deps/npm/man/man5/install.5 @@ -1,4 +1,4 @@ -.TH "INSTALL" "5" "February 2021" "" "" +.TH "INSTALL" "5" "March 2021" "" "" .SH "NAME" \fBinstall\fR \- Download and install node and npm .SS Description diff --git a/deps/npm/man/man5/npm-shrinkwrap-json.5 b/deps/npm/man/man5/npm-shrinkwrap-json.5 index 12c366e6eef..cfcae39330a 100644 --- a/deps/npm/man/man5/npm-shrinkwrap-json.5 +++ b/deps/npm/man/man5/npm-shrinkwrap-json.5 @@ -1,4 +1,4 @@ -.TH "NPM\-SHRINKWRAP\.JSON" "5" "February 2021" "" "" +.TH "NPM\-SHRINKWRAP\.JSON" "5" "March 2021" "" "" .SH "NAME" \fBnpm-shrinkwrap.json\fR \- A publishable lockfile .SS Description diff --git a/deps/npm/man/man5/npmrc.5 b/deps/npm/man/man5/npmrc.5 index 410f4e4ea89..226ff9a42a0 100644 --- a/deps/npm/man/man5/npmrc.5 +++ b/deps/npm/man/man5/npmrc.5 @@ -1,4 +1,4 @@ -.TH "NPMRC" "5" "February 2021" "" "" +.TH "NPMRC" "5" "March 2021" "" "" .SH "NAME" \fBnpmrc\fR \- The npm config files .SS Description diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5 index cfe8eb3c6d7..a244fa7e4df 100644 --- a/deps/npm/man/man5/package-json.5 +++ b/deps/npm/man/man5/package-json.5 @@ -1,4 +1,4 @@ -.TH "PACKAGE\.JSON" "5" "February 2021" "" "" +.TH "PACKAGE\.JSON" "5" "March 2021" "" "" .SH "NAME" \fBpackage.json\fR \- Specifics of npm's package\.json handling .SS Description diff --git a/deps/npm/man/man5/package-lock-json.5 b/deps/npm/man/man5/package-lock-json.5 index f1e82de0a89..3424e66ee13 100644 --- a/deps/npm/man/man5/package-lock-json.5 +++ b/deps/npm/man/man5/package-lock-json.5 @@ -1,4 +1,4 @@ -.TH "PACKAGE\-LOCK\.JSON" "5" "February 2021" "" "" +.TH "PACKAGE\-LOCK\.JSON" "5" "March 2021" "" "" .SH "NAME" \fBpackage-lock.json\fR \- A manifestation of the manifest .SS Description diff --git a/deps/npm/man/man5/package-locks.5 b/deps/npm/man/man5/package-locks.5 deleted file mode 100644 index 0fc35cfb5a0..00000000000 --- a/deps/npm/man/man5/package-locks.5 +++ /dev/null @@ -1,200 +0,0 @@ -.TH "PACKAGE\-LOCKS" "5" "December 2020" "" "" -.SH "NAME" -\fBpackage-locks\fR \- An explanation of npm lockfiles -.SS Description -.P -Conceptually, the "input" to npm help \fBinstall\fP is a npm help package\.json, while its -"output" is a fully\-formed \fBnode_modules\fP tree: a representation of the -dependencies you declared\. In an ideal world, npm would work like a pure -function: the same \fBpackage\.json\fP should produce the exact same \fBnode_modules\fP -tree, any time\. In some cases, this is indeed true\. But in many others, npm is -unable to do this\. There are multiple reasons for this: -.RS 0 -.IP \(bu 2 -different versions of npm (or other package managers) may have been used to install a package, each using slightly different installation algorithms\. -.IP \(bu 2 -a new version of a direct semver\-range package may have been published since the last time your packages were installed, and thus a newer version will be used\. -.IP \(bu 2 -A dependency of one of your dependencies may have published a new version, which will update even if you used pinned dependency specifiers (\fB1\.2\.3\fP instead of \fB^1\.2\.3\fP) -.IP \(bu 2 -The registry you installed from is no longer available, or allows mutation of versions (unlike the primary npm registry), and a different version of a package exists under the same version number now\. - -.RE -.P -As an example, consider package A: -.P -.RS 2 -.nf -{ - "name": "A", - "version": "0\.1\.0", - "dependencies": { - "B": "<0\.1\.0" - } -} -.fi -.RE -.P -package B: -.P -.RS 2 -.nf -{ - "name": "B", - "version": "0\.0\.1", - "dependencies": { - "C": "<0\.1\.0" - } -} -.fi -.RE -.P -and package C: -.P -.RS 2 -.nf -{ - "name": "C", - "version": "0\.0\.1" -} -.fi -.RE -.P -If these are the only versions of A, B, and C available in the -registry, then a normal \fBnpm install A\fP will install: -.P -.RS 2 -.nf -A@0\.1\.0 -`\-\- B@0\.0\.1 - `\-\- C@0\.0\.1 -.fi -.RE -.P -However, if B@0\.0\.2 is published, then a fresh \fBnpm install A\fP will -install: -.P -.RS 2 -.nf -A@0\.1\.0 -`\-\- B@0\.0\.2 - `\-\- C@0\.0\.1 -.fi -.RE -.P -assuming the new version did not modify B's dependencies\. Of course, -the new version of B could include a new version of C and any number -of new dependencies\. If such changes are undesirable, the author of A -could specify a dependency on B@0\.0\.1\|\. However, if A's author and B's -author are not the same person, there's no way for A's author to say -that he or she does not want to pull in newly published versions of C -when B hasn't changed at all\. -.P -To prevent this potential issue, npm uses npm help package\-lock\.json or, if present, npm help npm\-shrinkwrap\.json\. These files are called package locks, or lockfiles\. -.P -Whenever you run \fBnpm install\fP, npm generates or updates your package lock, -which will look something like this: -.P -.RS 2 -.nf -{ - "name": "A", - "version": "0\.1\.0", - \.\.\.metadata fields\.\.\. - "dependencies": { - "B": { - "version": "0\.0\.1", - "resolved": "https://registry\.npmjs\.org/B/\-/B\-0\.0\.1\.tgz", - "integrity": "sha512\-DeAdb33F+" - "dependencies": { - "C": { - "version": "git://github\.com/org/C\.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4" - } - } - } - } -} -.fi -.RE -.P -This file describes an \fIexact\fR, and more importantly \fIreproducible\fR -\fBnode_modules\fP tree\. Once it's present, any future installation will base its -work off this file, instead of recalculating dependency versions off -npm help package\.json\. -.P -The presence of a package lock changes the installation behavior such that: -.RS 0 -.IP 1. 3 -The module tree described by the package lock is reproduced\. This means -reproducing the structure described in the file, using the specific files -referenced in "resolved" if available, falling back to normal package resolution -using "version" if one isn't\. -.IP 2. 3 -The tree is walked and any missing dependencies are installed in the usual -fashion\. - -.RE -.P -If \fBpreshrinkwrap\fP, \fBshrinkwrap\fP or \fBpostshrinkwrap\fP are in the \fBscripts\fP -property of the \fBpackage\.json\fP, they will be executed in order\. \fBpreshrinkwrap\fP -and \fBshrinkwrap\fP are executed before the shrinkwrap, \fBpostshrinkwrap\fP is -executed afterwards\. These scripts run for both \fBpackage\-lock\.json\fP and -\fBnpm\-shrinkwrap\.json\fP\|\. For example to run some postprocessing on the generated -file: -.P -.RS 2 -.nf - "scripts": { - "postshrinkwrap": "json \-I \-e \\"this\.myMetadata = $MY_APP_METADATA\\"" - } -.fi -.RE -.SS Using locked packages -.P -Using a locked package is no different than using any package without a package -lock: any commands that update \fBnode_modules\fP and/or \fBpackage\.json\fP\|'s -dependencies will automatically sync the existing lockfile\. This includes \fBnpm -install\fP, \fBnpm rm\fP, \fBnpm update\fP, etc\. To prevent this update from happening, -you can use the \fB\-\-no\-save\fP option to prevent saving altogether, or -\fB\-\-no\-shrinkwrap\fP to allow \fBpackage\.json\fP to be updated while leaving -\fBpackage\-lock\.json\fP or \fBnpm\-shrinkwrap\.json\fP intact\. -.P -It is highly recommended you commit the generated package lock to source -control: this will allow anyone else on your team, your deployments, your -CI/continuous integration, and anyone else who runs \fBnpm install\fP in your -package source to get the exact same dependency tree that you were developing -on\. Additionally, the diffs from these changes are human\-readable and will -inform you of any changes npm has made to your \fBnode_modules\fP, so you can notice -if any transitive dependencies were updated, hoisted, etc\. -.SS Resolving lockfile conflicts -.P -Occasionally, two separate npm install will create package locks that cause -merge conflicts in source control systems\. As of \fBnpm@5\.7\.0\fP, these conflicts -can be resolved by manually fixing any \fBpackage\.json\fP conflicts, and then -running \fBnpm install [\-\-package\-lock\-only]\fP again\. npm will automatically -resolve any conflicts for you and write a merged package lock that includes all -the dependencies from both branches in a reasonable tree\. If -\fB\-\-package\-lock\-only\fP is provided, it will do this without also modifying your -local \fBnode_modules/\fP\|\. -.P -To make this process seamless on git, consider installing -\fBnpm\-merge\-driver\fP \fIhttps://npm\.im/npm\-merge\-driver\fR, which will teach git how -to do this itself without any user interaction\. In short: \fB$ npx -npm\-merge\-driver install \-g\fP will let you do this, and even works with -pre\-\fBnpm@5\.7\.0\fP versions of npm 5, albeit a bit more noisily\. Note that if -\fBpackage\.json\fP itself conflicts, you will have to resolve that by hand and run -\fBnpm install\fP manually, even with the merge driver\. -.SS See Also -.RS 0 -.IP \(bu 2 -https://medium\.com/@sdboyer/so\-you\-want\-to\-write\-a\-package\-manager\-4ae9c17d9527 -.IP \(bu 2 -npm help package\.json -.IP \(bu 2 -npm help package\-lock\.json -.IP \(bu 2 -npm help shrinkwrap\.json -.IP \(bu 2 -npm help shrinkwrap - -.RE diff --git a/deps/npm/man/man5/shrinkwrap-json.5 b/deps/npm/man/man5/shrinkwrap-json.5 deleted file mode 100644 index 7457df20e4b..00000000000 --- a/deps/npm/man/man5/shrinkwrap-json.5 +++ /dev/null @@ -1,32 +0,0 @@ -.TH "SHRINKWRAP\.JSON" "5" "December 2020" "" "" -.SH "NAME" -\fBshrinkwrap.json\fR \- A publishable lockfile -.SS Description -.P -\fBnpm\-shrinkwrap\.json\fP is a file created by npm help \fBshrinkwrap\fP\|\. It is identical to -\fBpackage\-lock\.json\fP, with one major caveat: Unlike \fBpackage\-lock\.json\fP, -\fBnpm\-shrinkwrap\.json\fP may be included when publishing a package\. -.P -The recommended use\-case for \fBnpm\-shrinkwrap\.json\fP is applications deployed -through the publishing process on the registry: for example, daemons and -command\-line tools intended as global installs or \fBdevDependencies\fP\|\. It's -strongly discouraged for library authors to publish this file, since that would -prevent end users from having control over transitive dependency updates\. -.P -Additionally, if both \fBpackage\-lock\.json\fP and \fBnpm\-shrinkwrap\.json\fP are present -in a package root, \fBpackage\-lock\.json\fP will be ignored in favor of this file\. -.P -For full details and description of the \fBnpm\-shrinkwrap\.json\fP file format, refer -to the manual page for npm help package\-lock\.json\. -.SS See also -.RS 0 -.IP \(bu 2 -npm help shrinkwrap -.IP \(bu 2 -npm help package\-lock\.json -.IP \(bu 2 -npm help package\.json -.IP \(bu 2 -npm help install - -.RE |